Hi, got an issue with a DAG outcome. I have a site_A populated by AD connection with devices. Works well - it populates the site_A with names and OS, but not with IP addresses of the devices. Understood, need to do discovery to get IPs. I have no scans scheduled for site_A as it only serves as the AD connection population target.

Then I have a DAG which filters the devices from site_A based on this filter:

- Site name - is - "site_A"
- Last scan date - earlier than - 1 day (1 day is for testing only, in production I will have 30 or so)

The problem is that if site_A has just been populated with fresh new devices from AD connection, the DAG won't return any devices regardless of the "last scan date" filter condition setting - I've tried both complementary options: (Last scan date - earlier than - 1 day) and (Last scan date - within the last - 1 day). The DAG just doesn't show any devices from site_A. When I delete the second condition with "last scan date" and keep only the "site name..." condition, the DAG correctly returns all the devices in site_A. I have also waited one, two and three days to check if days play any role in the DAG generating - but they obviously don't, as I have been getting the same results each day. Am I doing anything wrong? Can anyone help?

My aim is to scan the devices from site_A by small portions every day - so I thought I would manually run a scan for a small portion of devices each day until all of them are scanned and then let a site based on the DAG be scanned every day on schedule. With the condition "Last scan date - earlier than - 30 days ago" in the DAG, the daily scans will do only a small portion of devices which have not been scanned within the last 30 days forever. Any better idea how to achieve that is also welcome. Thanks.
Posted by Jiri Dohnal 11 months ago
1. I start up Metasploit in a Kali terminal window, open Firefox and type in "https://localhost:3790", but it says "Unable to connect".
2. I only see the operation with the UI in the official docs, so where can I learn the Metasploit command?
Posted by YuzhenChen 11 months ago
I am trying to figure out a SQL query to pull how many vulnerabilities we had on a specific date. I am looking for something similar to the "Vulnerability Count Comparison" and the Nexpose "Vulnerability Trends report", where it will show the total amount of vulnerabilities on January 1st. After reviewing the Nexpose database schema (https://help.rapid7.com/nexpose/en-us/warehouse/warehouse-schema.html), it looks like "fact_all_date" should be where I want to go, but running a query selecting anything from this fact fails, stating that it cannot be found. I can pull from almost all other facts, so I don't know if this is out of date. Has anyone else had any success with a query or found an up-to-date DB schema?
Posted by Robert DeBellis 11 months ago
We need to use Rapid7 VM tool and integrate it with the CA Service Desk manager. Is it possible to do this? Also, I've read about Lieberman's RED software, is it possible to integrate Rapid7 with the help desk via this software?
Posted by Divya Ambwani 11 months ago
Hi, we've installed an InsightVM scan engine on an Ubuntu 16.04 64-bit VM. When prompted, we chose to install a scan engine rather than a security console. We also chose for the communications to go from the console to the scan engine, so the scan engine should be listening for incoming communications on port 40814/tcp as I understand it. The installation appeared to be successful. Just to be safe, we rebooted the VM. We were never asked to enter our license key, which seemed odd. We also were never asked to input a shared secret from the security console.

After installation, we do "netstat -an | grep LISTEN", and do not see port tcp/40814 as being in a listening state. I tried manually running:

```
sudo systemctl start nexposeengine
```

and

```
sudo systemctl start nexposeengine.service
```

Each time, "echo $?" shows the return code was 0, indicating it was successful, but we still don't see port tcp/40814 as listening. When I attempt to create a new scan engine from the security console, I input the scan engine IP, but when the console tries to connect we see "java.net.ConnectException: Connection refused". Any idea what we're doing wrong?

Thank you,
-Kevin Cawlfield
Posted by Kevin Cawlfield 11 months ago
Hi, we are trying to install Metasploit Pro on a remote Ubuntu 16.04 LTS server in the cloud and we followed the recommended commands for a Linux headless server from the official webpage:

```
wget http://downloads.metasploit.com/data/releases/metasploit-latest-linux-x64-installer.run
chmod +x ./metasploit-latest-linux-x64-installer.run
sudo ./metasploit-latest-linux-x64-installer.run
```

However, this always starts a GUI installer and we need to automate installation using ANSIBLE/BASH, so we cannot use the GUI but just the CLI installer. Could you please give us advice on how to proceed? We have already purchased a license, so we need to start using it as soon as possible.

Thanks a lot,
best regards,
Ivan Ulicky
Security Engineer
Posted by Ivan Ulicky 11 months ago
Hi, I'm trying to follow the report customization referenced within the support documentation for InsightVM (https://insightvm.help.rapid7.com/docs/report-templates-and-sections); however, for some of the reports (e.g. Top Remediations with Details) I do not have the option to copy the report. Is there a way to copy this report to use as a template for custom reports as described in the documentation?
Posted by Eric A 11 months ago
I am trying to activate a new install of the virtual appliance. I keep getting 'activation failed cannot activate at this time'. I rebooted and ran the diagnostics:

| Category | Description | Status | Result |
| --- | --- | --- | --- |
| Database Diagnostics | Deleted Sites Consistency | Success | There are no partially deleted sites. |
| Database Diagnostics | Node Synopsis Consistency | Success | All nodes have synopsis data. |
| Database Diagnostics | Scan Synopsis Consistency | Success | All scans have synopsis data. |
| Database Diagnostics | Asset Synopsis Consistency | Success | All assets have synopsis data. |
| Database Diagnostics | Site Synopsis Consistency | Success | All site synopsis tables appear consistent. |
| Database Diagnostics | Asset Group Synopsis Consistency | Success | All asset groups have synopsis data. |
| Database Diagnostics | Scan Status Consistency | Success | All scan statuses appear consistent. |
| Database Diagnostics | Policy Synopsis Consistency | Success | The policy synopsis table appears to be consistent. |
| Database Diagnostics | Asset Policy Rule Synopsis Consistency | Success | All asset and policy rules have synopsis data. |
| Database Diagnostics | Asset Policy Synopsis Consistency | Success | All asset and policies have synopsis data. |
| OS Diagnostics | Supported OS | Success | System is running on a supported OS: Ubuntu Linux 16.04 |
| OS Diagnostics | Memory requirements | Success | Total OS memory: 7983MB JVM maximum memory: 5971MB. Used Memory: 2946MB |
| OS Diagnostics | Disk space requirements | Success | System meets minimum disk space requirements: 74928MB free. |
| General Diagnostics | VM Version | Success | VMSC Name: CN=Rapid7 Security Console, O=Rapid7 Last update: 117483016 (2018-03-14) VM version: OpenJDK 64-Bit Server VM 25.102-b14 (Linux amd64) OS version: Ubuntu Linux 16.04 |
| General Diagnostics | VM Scan Engine Version | Success | Local scan engine Status: Active OS version: Ubuntu Linux 16.04 Last Update: 117483016 (2018-03-14) Rapid7 Hosted Scan Engine Status: Unknown |
| Network Diagnostics | Host-based firewalls disabled | Success | |
| Network Diagnostics | Gateway Ping | Success | Gateway ping via ICMP ECHO () : ALIVE Gateway ping via TCP on port 21, 23 and 80 () : ALIVE |
| Network Diagnostics | DNS Name Resolution | Success | Successfully resolved 'www.rapid7.com' to 18.104.22.168 |
Posted by Michael Marohn 11 months ago
Hello: Any custom Metasploit module I create isn't getting loaded. I tried both of these demos: https://www.offensive-security.com/metasploit-unleashed/building-module/ and https://github.com/rapid7/metasploit-framework/wiki/Loading-External-Modules and got the same result that the modules were NOT found.

Before posting here, I checked these out: https://forums.kali.org/showthread.php?28940-Metasploit-modules-not-loading! and https://www.offensive-security.com/metasploit-unleashed/modules-and-locations/

Just working with the latter URL, on the Kali host, I do indeed have the file in the right location (according to the demo):

```
root@kali:~/.msf4/modules/exploits/test# ls -al
total 12
drwxr-xr-x 2 root root 4096 Mar 19 13:59 .
drwxr-xr-x 3 root root 4096 Mar 19 13:58 ..
-rw-r--r-- 1 root root    9 Mar 19 13:59 test_module.rb
```

I then ran reload_all, and when using this command: use exploit/test/test_module it returns with Failed to load module. I also tried to manually load that path and it failed too:

```
msf > loadpath ~/.msf4/modules/
Loaded 0 modules:
```

Any assistance you can provide in solving why Metasploit isn't picking up any custom modules is greatly appreciated!
Posted by Chris 11 months ago
I'm working on developing custom reports, similar to some of the .jar files I've found here in the docs (like https://kb.help.rapid7.com/docs/trend-and-top-remediations-report-template). I'm new to Nexpose and just wanted to modify a couple of the rules around the template, and load it back into the Nexpose Report console using the "upload a file" option to create a new template. However, when I repackage the .jar and upload it, I receive a message saying the file is not trusted. What is the proper channel/process to create a custom jar template like that? I appreciate your help!
Posted by Joshie Nygaard 11 months ago
Hello,

Based on the documentation I should find "Amazon Web Services Asset Sync" in "Administration" -> "Connections" -> "Create/Manage". But from the dropdown I can only see "Amazon Web Services (Legacy)" and 5 other non-AWS-related options. And it also redirects back to creation of the connection without errors if I try to set up the "AWS (Legacy)" option. So how do I set up a connection to AWS?

Thanks,
Dainius
Posted by Dainius 11 months ago
Hi, we have a couple of servers scanned by InsightVM (agent and ssh/key) which are reporting vulnerabilities from stored files (bundled JREs). These are part of installers stored on the machines with a JRE bundled by the vendor. Is there any way to exclude some paths from scanning (rather than exclude the hundreds of vulnerabilities reported)? Is there a better way to do this? Thanks,
Posted by h 11 months ago
Hi All, On the report "top 25 remediations by risk", we'll have a remediation such as "update to the latest version of Adobe Air". Is there any way to see (either in a report, or the web console) the actual devices under this remediation? Ideally, I'd like to see this in the web console, so I can run filters etc.
Posted by Jonathon Zachariah 11 months ago
We have a DC in a firewalled network. We are seeing failed communication (via ASA logs) between the collector and the DC on TCP 49154. I see no mention of that port anywhere in the documentation. We are unable to query the DC via WMI and this is the only port we are seeing denies on since creating the log source. Thoughts? Just allow 49154 and call it good? TIA
Posted by Scot Lymer 11 months ago
Hello, I am a student in cyber security and I have one problem. In the lab we hacked the Windows XP with the command "msfpayload windows/adduser". Now they want to hack the Windows XP again, but with "windows/exec" to run any command in the Windows XP. Can you tell me how to do it? I am searching all the time in Google and I can't find the way. Please, guys. Thank you.
Posted by Nefeli Anthi 11 months ago